<script type="text/javascript" charset="utf-8">
    (function(){
        function onReceive(message) {
            // If we're not using IE, or HTTPS we can use document.write
            if ((window.location.protocol === 'http:') || !navigator.userAgent.match(/MSIE|rv:11/i)) {
                document.write(message.data);
                document.close();
                return;
            }

            // In all other cases document.write() is blocked in callbacks - process the HTML instead
            // We also have to individually add <script> tags back in - same as when using unsafeHTML in react
            var domParser = new DOMParser();
            var html = domParser.parseFromString(message.data, 'text/html');
            document.getElementsByTagName('head')[0].innerHTML = html.getElementsByTagName('head')[0].innerHTML;
            document.getElementsByTagName('body')[0].innerHTML = html.getElementsByTagName('body')[0].innerHTML;

            var allScripts = document.getElementsByTagName('script');
            if (allScripts.length > 0) {
                var scripts = [];
                for (var i = 0; i < allScripts.length; i++) {
                    scripts.push(allScripts[i]);
                }

                for (var i = 0; i < scripts.length; i++) {
                    var s = document.createElement('script');
                    s.innerHTML = scripts[i].innerHTML;
                    scripts[i].parentNode.appendChild(s);
                    scripts[i].parentNode.removeChild(scripts[i]);
                }
            }
        }

        if (window.addEventListener){
            addEventListener("message", onReceive, true);
        } else {
            attachEvent("onmessage", onReceive);
        }

        top.postMessage('loaded', "*");

    })();

    (function(XMLHttpRequest){
        if (!XMLHttpRequest || !XMLHttpRequest.prototype) return;
        var noXHR = function() {
            if (console) {
                console.error('Not Permitted');
            }
        };
        XMLHttpRequest.prototype.open = XMLHttpRequest.prototype.send = noXHR;
    })(this.XMLHttpRequest);
    </script>
